delvingbitcoin

BIP352: PSBT support

BIP352: PSBT support

Original Postby josibake

Posted on: June 21, 2024 14:07 UTC

The discussion revolves around the intricacies of handling silent payment verification by signers in cryptocurrency transactions, specifically focusing on the use of Anti-Counterfeiting Proofs (ACP) and the conditions under which a signer should fail a transaction.

It delves into the technical requirements for signers when encountering transactions with silent payment outputs, emphasizing the need for signers to check for any ACP on inputs they are responsible for signing. The conversation makes it clear that if a sighash type other than ALL is present alongside silent payment outputs, the transaction should be considered invalid by the signer. This is based on the premise that the presence of an unacceptable sighash type, especially in the context of silent payments, necessitates failure.

Further exploration into the topic reveals suggestions for simplifying the process through which signers verify transactions involving silent payments. One proposed method involves signers adding a global share and proof for all inputs if they are capable of signing for them, utilizing a scan key for key data. This approach contrasts with a situation where a signer cannot sign for all inputs, wherein they would add a per-input share and proof specific to each input they can sign for. The dialogue also touches upon the computational and data implications of these methods, particularly in scenarios involving multiple signers with multiple inputs. The challenge of efficiently calculating Elliptic Curve Diffie-Hellman (ECDH) shares is highlighted, especially in complex transactions like coinjoins, where the computational load can significantly increase.

An alternative solution discussed focuses on reducing the computational burden by either proving ownership of all inputs globally or providing proof per group of inputs, thereby duplicating the proof on each relevant input. This method aims to balance the computational and memory demands on signers, acknowledging the varied capabilities of devices that signers might use. The comparison between the two approaches—global versus per-input proofs—underscores the trade-offs between processing power and memory usage, suggesting a preference for strategies that minimize CPU-intensive work without overly taxing the signer's memory capacity by requiring inline proofs for each input before signing.

In conclusion, the conversation encapsulates a technical debate on optimizing the verification process for silent payment transactions in cryptocurrencies. It proposes several methodologies aimed at enhancing efficiency and security, while also considering the practical limitations of signers' hardware capabilities. The emphasis is on ensuring that signers can reliably verify transactions without imposing undue computational or memory demands, thereby supporting the broader goal of secure and efficient cryptographic transactions.